diff options
| author | jsing <> | 2022-04-27 17:28:34 +0000 | 
|---|---|---|
| committer | jsing <> | 2022-04-27 17:28:34 +0000 | 
| commit | a8d2bb1f6939a805dcd605eb24d943001c518eba (patch) | |
| tree | ce2fe813fb0707c8eef7760eb692261e035d1948 /src/lib/libc/crypt/chacha_private.h | |
| parent | b1bae5012039abee6cc0b8571de052ea5477da25 (diff) | |
| download | openbsd-a8d2bb1f6939a805dcd605eb24d943001c518eba.tar.gz openbsd-a8d2bb1f6939a805dcd605eb24d943001c518eba.tar.bz2 openbsd-a8d2bb1f6939a805dcd605eb24d943001c518eba.zip | |
Remove the ASN.1 decoder tag/length cache (TLC).
Currently, every time an ASN.1 identifier and length is decoded it is
stored in a tag/length cache for potential reuse. However, the only time
this is actually of benefit is when decoding CHOICE or SEQUENCE with
OPTIONAL fields (or MSTRING and ANY due to less than ideal
implementation). For CHOICE and SEQUENCE with OPTIONAL fields the
current code attempts to decode the first option and if that fails, it
moves onto the next option and attempts to decode it, repeating until
it succeeds (or runs out of options).
There are a number of problems with the cache. Firstly, it adds complexity
to the ASN.1 decoder since it has to be passed up and down through the
various layers. Secondly, there is nothing that keeps the cached data in
synchronisation with the input stream. This makes it fragile and a
potential security risk. Thirdly, the type is in the public headers and
API, meaning that we cannot readily change the types or fields to improve
the code.
Testing also suggests that in typical decoding cases we actually get a
small performance increase by removing the cache. There are also several
other options that would improve decoding performance, which we can visit
once we have simpler and more robust code.
ok beck@ inoguchi@ tb@
Diffstat (limited to 'src/lib/libc/crypt/chacha_private.h')
0 files changed, 0 insertions, 0 deletions
